IN THE CLAIMS:






1. (Currently Amended) A system including a processor, and a collection of
resources interacting with said processor, said resources including at least a memory and a
library of executable modules that are supported by an operating system, the improvement
comprising:

a plurality of processing stacks, each including a predefined set of at least one
mediation module that processes an applied signal to form a signal that is applied to said at
least one resource of said collection of resources; and

a service director module that intercepts requests of different types that are directed
to said resources, classifies said requests in accordance with said types of said requests,
each different one of said resources being responsive to requests of a different type, said 




requests in accordance with said types of said requests, and directs said requests to 
different ones of said processing stacks, based on said classifying. 



2. (Original) The system of claim 1 wherein said at least one resource to which
said signal is applied develops an output signal that is accepted by said at least one
mediation module.



3. (Original) The system of claim 1, wherein at least one processing stack of said 
plurality of processing stacks comprises an ordered sequence of at least two mediation 
modules. 

4. (Original) The system of claim 1, wherein said service director receives a
request from an application that is active on said arrangement and applies said request to
said at least one mediation module.



5. (Original) The system of claim 4, wherein said mediation module receives a
return signal from said at least one resource of said collection of resources, processes said
return signal to form a processed return signal, and sends said processed return signal to
said application.

6. (Original) The system of claim 5 wherein said at least one resource of said
collection of resources sends said processed return signal via said service director.




7. (Original) The system of claim 1, wherein said at least one mediation module
is based upon a chosen security policy.

8. (Original) The system of claim 1, wherein said at least one mediation module
in said processing stack performs encryption.

9. (Original) The system of claim 1, wherein said mediation module is a
namespace manager.

10. (Original) The system of claim 1, wherein said mediation module performs
authentication.

11. (Original) The system of claim 1 wherein said mediation module is a secure
file system. 

12. (Original) The system of claim 1, wherein said service director includes:
a service request classifier that classifies a received service request; and
a processing stack selector that selects a processing stack based upon said
classification, and communicates said service request to said selected processing stack.

13. (Original) The system of claim 1, wherein said service director includes a
service request classifier that classifies a service request based upon the type of service
request and arguments of the service request.



14. (Original) The system of claim 1 further comprising a connection to a
network.



15. (Original) The system of claim 14 wherein said connection is secure.

16. (Original) The system of claim 14, wherein said network is a virtual private
network.




17. (Original) The system of claim 16 wherein said connection is secured.

18. (Original) The system of claim 17 wherein said connection is secured through
encryption. 

19. (Original) The system of claim 1 further comprising a compliance supervisor 
that is coupled to said processing stacks and to said service director, and is adapted for
receiving security policy information from outside said system. 

20. (Original) The system of claim 19, wherein said compliance supervisor 
receives said security policy information from a virtual private network. 

21. (Original) The system of claim 19, wherein said compliance supervisor
includes a processing stack modifier that modifies said processing stack based upon a 
received security policy. 

22. (Original) The system of claim 19, wherein said compliance supervisor
includes a processing stack creator that creates a processing stack based upon said security 
policy. 

23. (Original) The system of claim 1 wherein said at least one mediation module
includes at least one authentication code retriever that retrieves an authentication code and 
a validation system that validates said service request against said authentication code. 



24. (Original) The system of claim 1 wherein said operating system includes 
means to prevent implication of an operating system breach from an administrative user
breach.

25. (Original) The system of claim 1 wherein said service director and said
processing stacks are embedded in a loadable library of C language executable modules. 

26. (Original) The system of claim 1 further comprising a read-only program
store that is read by said system upon boot-up. 

27. (Original) The system of claim 26, wherein said system includes an 
operating system, and said read-only program store contains a program module for
verifying the operating system, and authentication program modules for authenticating 
software present in said memory of said system. 

28. (Original) The system of claim 27 where said software that is authenticated
by said authentication program modules includes software that forms an operating system 
of said system. 

29. (Original) The system of claim 28 where said authentication program 
modules develop a cryptographic hash of software to be authenticated. 

30. (Original) A storage medium that stores a control routine for use by a system
to assure security of said system, the control routine including instructions for:

booting said standalone host with an authenticated operating system located on said
storage medium;

verifying an operating system of said system;

transferring control of said system to operating system on said system when said
operating system on said system is verified. 



31. (Original) The storage medium of claim 30, wherein said control routine
verifies said operating system of said system by reading executable modules of said 
operating system of said system, determining a cryptographic hash for said executable 
modules, and comparing said cryptographic hash to a known value.

32. (Original) The storage medium of claim 30 where said control routine further
includes steps for:

verifying software that implements a reverse sandbox on said system; and
transferring control of said standalone host to said reverse sandboxing software.

33. (Original) The storage medium of claim 30 further comprising reverse 
sandbox software to be installed in said syst 



34. (Original) The storage medium of claim 33 wherein said reverse sandbox 
software includes a service director, a compliance supervisor, and a processing stack 
including at least one mediation module. 